qqbot-channel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md) calls QQ Channel API endpoints such as GET /channels/{channel_id}/threads and GET /channels/{channel_id}/threads/{thread_id} and displays thread/member content (including user-generated post content and avatar URLs) which the agent reads and can act on (e.g., fetching threads and posting comments), exposing it to untrusted third‑party user-generated content that could inject instructions.